download.php 2.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This file is responsible for passing requested documents to the browser.
  5. * Html files are parsed to fix a few problems with URLs,
  6. * but this code will hopefully be replaced soon by an Apache URL
  7. * rewrite mechanism.
  8. *
  9. * @package chamilo.blogs
  10. */
  11. /**
  12. * MAIN CODE
  13. */
  14. session_cache_limiter('public');
  15. require_once '../inc/global.inc.php';
  16. $this_section=SECTION_COURSES;
  17. require_once api_get_path(LIBRARY_PATH).'document.lib.php';
  18. // IMPORTANT to avoid caching of documents
  19. header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
  20. header('Cache-Control: public');
  21. header('Pragma: no-cache');
  22. //protection
  23. api_protect_course_script(true);
  24. $doc_url = $_GET['file'];
  25. //change the '&' that got rewritten to '///' by mod_rewrite back to '&'
  26. $doc_url = str_replace('///', '&', $doc_url);
  27. //still a space present? it must be a '+' (that got replaced by mod_rewrite)
  28. $doc_url = str_replace(' ', '+', $doc_url);
  29. $doc_url = str_replace('/..', '', $doc_url); //echo $doc_url;
  30. if (! isset($_course)) {
  31. api_not_allowed(true);
  32. }
  33. $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/blog/'.$doc_url;
  34. //if the rewrite rule asks for a directory, we redirect to the course view
  35. if (is_dir($full_file_name)) {
  36. //remove last slash if present
  37. while ($doc_url{$dul = strlen($doc_url)-1}=='/') $doc_url = substr($doc_url,0,$dul);
  38. //create the path
  39. $document_explorer = api_get_path(WEB_COURSE_PATH).api_get_course_path(); // home course path
  40. //redirect
  41. header('Location: '.$document_explorer);
  42. }
  43. $tbl_blogs_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);
  44. $course_id = api_get_course_int_id();
  45. // launch event
  46. event_download($doc_url);
  47. $sql = 'SELECT filename FROM '.$tbl_blogs_attachment.'
  48. WHERE c_id = '.$course_id.' AND path LIKE BINARY "'.Database::escape_string($doc_url).'"';
  49. $result = Database::query($sql);
  50. if (Database::num_rows($result) > 0) {
  51. $row = Database::fetch_array($result);
  52. if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/blog/')) {
  53. DocumentManager::file_send_for_download($full_file_name, TRUE, $row['filename']);
  54. }
  55. }
  56. exit;